
How To Generate New Self Signed Keys For SAML Federation Signing and Encryption (Doc ID 2849641.1)

Last updated on APRIL 21, 2023

Applies to:

Oracle Access Manager - Version and later
Information in this document applies to any platform.


OAM provides a self-signed certificate (two in OAM 12c) for signing and encrypting SAML messages, which is created during the provisioning of the OAM domain. By default this certificate is valid for 10 years. Generally, because this certificate is used only for signing and encryption (and not identification), it should not need to be replaced. However, a need may arise to replace the default certificate because of issues with the initially created certificate (such as an undesired certificate subject name) or a requirement to use a certificate signed by a specific or public certificate authority. This note provides instructions for creating a new self-signed certificate and configuring it for use either system-wide or with one or more SAML partners. Note that at this point in time OAM supports the use of only one signing and one encryption certificate per partner at a given time.

